From fcb6923c92aa6fdc16439b0e3e5708db97a499d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Mon, 4 Sep 2023 11:33:16 +0200
Subject: [PATCH] Fix wrong redirect after sign-in for RS OAuth

We use a custom auth method to pre-fill the username when reaching the RS OAuth while signed out. However, it needs to redirect back to the RS OAuth page after sign-in, and not to the root path.
---
 app/controllers/application_controller.rb | 4 ++++
 app/controllers/rs/oauth_controller.rb | 1 +
 spec/features/rs/oauth_spec.rb | 19 +++++++++++++++++++
 3 files changed, 24 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ee049bc..ff94797 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -37,4 +37,8 @@ class ApplicationController < ActionController::Base
 format.any { head status }
 end
 end
+
+ def after_sign_in_path_for(user)
+ session[:user_return_to] || root_path
+ end
 end
diff --git a/app/controllers/rs/oauth_controller.rb b/app/controllers/rs/oauth_controller.rb
index 061bf84..67a2beb 100644
--- a/app/controllers/rs/oauth_controller.rb
+++ b/app/controllers/rs/oauth_controller.rb
@@ -108,6 +108,7 @@ class Rs::OauthController < ApplicationController
 def require_signed_in_with_username
 unless user_signed_in?
 username, org = params[:useraddress].split("@")
+ session[:user_return_to] = request.url
 redirect_to new_user_session_path(cn: username, ou: org)
 end
 end
diff --git a/spec/features/rs/oauth_spec.rb b/spec/features/rs/oauth_spec.rb
index 48a5a13..a68556f 100644
--- a/spec/features/rs/oauth_spec.rb
+++ b/spec/features/rs/oauth_spec.rb
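Review bot: The new `after_sign_in_path_for` in application_controller.rb reads `session[:user_return_to]` without removing it, so the stored URL stays in the session and is returned again by any later sign-in that runs in the same session. Because the override lives in ApplicationController it applies to every sign-in, not only the RS OAuth flow. If this app uses Devise, as the helper names suggest, `stored_location_for(user) || root_path` reads the same key and consumes it; without Devise, `session.delete(:user_return_to) || root_path` has the same effect. The class body starts outside the hunk, so I cannot tell whether the method ends up under `private` or `protected`.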
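Review bot: `session[:user_return_to] = request.url` in `require_signed_in_with_username` stores an absolute URL, so the scheme and host of the post-login redirect come from the incoming request rather than being fixed by the application. Storing `request.fullpath` keeps the return target same-origin by construction and should still satisfy the new spec, since the host does not change between the two requests. The value is also stored whatever the HTTP verb; the filter declaration is outside the hunk, but if it guards non-GET actions the assignment should be limited with `if request.get?`, because the return redirect is always a GET.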
@@ -54,6 +54,11 @@ RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
 context "when signed out" do
 let(:user) { create :user }
 
+ before do
+ allow_any_instance_of(User).to receive(:valid_ldap_authentication?)
+ .with(user.password).and_return(true)
+ end
+
 it "prefills the username field in the signin form" do
 visit new_rs_oauth_path(useraddress: user.address,
 redirect_uri: "http://example.com",
@@ -62,5 +67,19 @@ RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
 
 expect(find("#user_cn").value).to eq(user.cn)
 end
+
+ it "redirects to the OAuth dialog after sign-in" do
+ auth_url = new_rs_oauth_url(useraddress: user.address,
+ redirect_uri: "http://example.com",
+ client_id: "http://example.com",
+ scope: "documents,[photos], contacts:r")
+ visit auth_url
+
+ fill_in "User", with: user.cn
+ fill_in "Password", with: user.password
+ click_button "Log in"
+
+ expect(current_url).to eq(auth_url)
+ end
 end
 end
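Review bot: The added example "redirects to the OAuth dialog after sign-in" pins only the branch where a return URL was stored; nothing asserts that a sign-in started from the ordinary login page still lands on the root path, which is the other branch of the new `after_sign_in_path_for`. A second example that visits `new_user_session_path` directly, signs in and expects the root path would cover it. `expect(current_url).to eq(auth_url)` is also a one-shot read; `expect(page).to have_current_path(auth_url, url: true)` waits for the navigation, which matters if this spec is ever run with a JavaScript driver.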